this post was submitted on 23 Jul 2023
86 points (97.8% liked)

Explain Like I'm Five

14413 readers
152 users here now

Simplifying Complexity, One Answer at a Time!

Rules

  1. Be respectful and inclusive.
  2. No harassment, hate speech, or trolling.
  3. Engage in constructive discussions.
  4. Share relevant content.
  5. Follow guidelines and moderators' instructions.
  6. Use appropriate language and tone.
  7. Report violations.
  8. Foster a continuous learning environment.

founded 2 years ago
MODERATORS
top 21 comments
sorted by: hot top controversial new old
[–] Aux@lemmy.world 14 points 1 year ago (2 children)

DRM is an umbrella term for technologies which allow media consumption for legitimate users and prevent access to everyone else. Examples are CD copy protection, serial numbers for software, as well as modern tools like encryption and remote access validation.

Most people don't use extensions thus no one will notice in general.

[–] Wild_Mastic@lemmy.world 46 points 1 year ago (2 children)

I still don't get how people use Internet without adblockers

[–] Aux@lemmy.world 13 points 1 year ago (1 children)

People are technically illiterate. For most of human history, majority of population couldn't read. Right until basic education started to be enforced. And it wasn't something most approved back in the days.

[–] bionicjoey@lemmy.ca 8 points 1 year ago* (last edited 1 year ago) (1 children)

For most of human history, majority of population couldn't read.

Common misconception. Most people couldn't read and write in Latin, which was the only literacy statistic anyone cared about in the middle ages. People could usually write out something in their mother tongue in order to write a letter or leave a note. Keep in mind that spelling was not standardized in English until basic education (as you alluded to). That's when rules about grammar and spelling started to be standardized. Prior to that, people just wrote phonetically and there was no societal norms for that being wrong. As long as you could be understood, you were writing.

[–] Aux@lemmy.world -1 points 1 year ago (1 children)

Majority of population was not speaking English at all.

[–] bionicjoey@lemmy.ca 3 points 1 year ago

That's why I said mother tongue.

[–] OptimusPhillip@lemmy.world 1 points 1 year ago

At least in my experience, ads are rarely that obtrusive. They're usually either shunted off into a sidebar or, in the case of a video site, short and/or skippable. I have run across more intrusive ads in the past, but they were few and far between. I have an adblocker now, but I have more than a few sites whitelisted.

[–] theneverfox@pawb.social 12 points 1 year ago (1 children)

It stands for digital rights management, and basically it's anything that attempts to manage how you use your hardware.

For example, Keurigs that use the qr code to tell the size of the pod are an example of DRM - they attempt to keep you from using 3rd party pods (I think they walked this back).

It's also a great example of how it's more an annoyance that makes the product worse than anything else - you could tape an "official" pod wrapper to the top and it will work with any pod. It also makes it less sanitary and if the wrapper shifts it introduces extra steps between you and your coffee, which should be a criminal offense

It's next to impossible to fully control a device in someone else's hands. YouTube videos use DRM, but you can find plenty of ways to download them in an open format anyways.

The exception is when they call out to a remote server - a lot of video games do this (unfortunately even single player games do this a lot now). They might check for ownership before you start the game, but lately they've been drilling holes in the security of your computer so they can make sure you haven't modified it (even for single player games!), which should also be criminal.

This is much harder to crack, but it can still be done.

Then you get to DRM that runs on both sides, which is what this proposal is. They basically want a 3rd party "attester" to verify that your browser is "legit" (what they mean by that is kept pretty vague). Then, when you access a site, the site checks your request, confirms with the attester that your browser is "legit" and will run their code on your machine as written, and if the attester doesn't give the all clear they send you an error page instead of the site you asked for.

So let's go through some of the concerns I have after reading through the proposal:

  • Many sites decide Firefox, as the only major browser not based off Google's browser engine, isn't "legit". Already, some sites block Firefox, so this is very likely

  • Anyone can set up an attester, but sites can decide which they trust. The attester has a lot of access to data which can positively identify you, but they're only supposed to send a bit of it. If Facebook decides they only trust their own attester, they're probably not going to pass up collecting as much data as they can. That could include everything from the phone you have, the apps you have installed. Facebook doesn't need to know where I bank, but if their attester becomes standard, they might get that info even if I never use a Facebook product. Or, all attesters might decide to sell data as their business model

  • The only privacy considerations seem to be "we had privacy advocates in the group that drafted this proposal". If this is true, I'm not sure who they were, because privacy didn't come up too often

There's zero reason for this to exist, except to lock down our devices. This benefits corporations - it offers absolutely nothing to users. There's no way it could ever offer anything to users. .

All it does is let websites block users based on vaguely defined criteria - it's a proposal so the details are vague, but the most generous reading would be that they could restrict you based on browser, the least generous reading means everyone could tell you to uninstall a competitor's app before you can use theirs (and selling every scrap of information about you imaginable)

[–] GiuseppeAndTheYeti@midwest.social 2 points 1 year ago (1 children)

There's no way it could ever offer anything to users.

I'm not so certain about that. I wouldn't know the exact implementation or if it is possible/feasible, but couldn't this 3rd party attester cut down targeted attacks to servers? (Like DDoS attacks or other server vulnerabilities).

Not AT ALL saying that the ends justify the means in this case. Google can fuck right off with any claim to security or privacy, but that's my first thought to an actual benefit.

[–] intensely_human@lemm.ee 1 points 3 months ago

How would a 3rd party attester cut down on DDoS attacks?

[–] Jmr@lemmy.world 11 points 1 year ago

DRM is protection for a type of media. An example would be Denuvo. The issue is that Google is an Ad company and they need ads to live so they want to add DRM to websites. And since they make Chromium they also want to block ad-blockers on the world most used browser